Miners can influence block.timestamp to alter winnerIndex
Summary
Dangerous use of block.timestamp exists in L128-L130 in PuppyRaffle.sol. block.timestamp can be manipulated by miners. This causes a weak PRNG in the mentioned LOC.
Vulnerability Details
In the code, winnerIndex is being computed after taking the keccak256 hash of the encoding of msg.sender, block.timestamp and block.difficulty. Miners can manipulate block.difficulty to change the winnerIndex.
Impact
Miners can alter the block.timestamp to influence the randomness. The winner's address is initialized by the winnerIndex which is being computed using block.timestamp. Miners can manipulate the winner's address by slightly adjusting the block.timestamp.
This allows miners to control the randomness and in turn changing the Winner of the raffle. This causes loss of funds for the actual winner and disrupts the protocol from giving out the rewards to the actual Winner.
Tools Used
Slither and Manual Review
Recommendations
Use ChainlinkVRF to produce randomness for all cases where RNG is required.
Lead Judging Commences
weak-randomness
Root cause: bad RNG Impact: manipulate winner
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.